3 # Test the capture engine of the Wireshark tools
7 # Wireshark - Network traffic analyzer
8 # By Gerald Combs <gerald@wireshark.org>
9 # Copyright 2005 Ulf Lamping
11 # This program is free software; you can redistribute it and/or
12 # modify it under the terms of the GNU General Public License
13 # as published by the Free Software Foundation; either version 2
14 # of the License, or (at your option) any later version.
16 # This program is distributed in the hope that it will be useful,
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 # GNU General Public License for more details.
21 # You should have received a copy of the GNU General Public License
22 # along with this program; if not, write to the Free Software
23 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 # common exit status values
# Helper called by the capture steps with one or more output file paths.
# The lines that assign $f and print the file are not shown in this listing,
# so only the visible guard is documented here.
32 capture_test_output_print() {
# Only paths that exist as regular files pass this test.
35 if [[ -f "$f" ]]; then
44 # Generate some traffic for quiet networks.
45 # This will have to be adjusted for non-Windows systems.
46 ## ping -n 20 www.wireshark.org > /dev/null 2>&1 &
# NOTE(review): this sends ICMP to an external host, so the suite needs DNS
# and outbound network access. "-n 20" is the Windows count flag; other ping
# implementations give -n a different meaning.
# The job runs in the background and logs to a fixed file name in the current
# directory, so run the suite from a directory only the tester can write to.
48 { date; ping -n 20 www.wireshark.org; date; } > ./testout_ping.txt 2>&1 &
# Removes the ping log (the enclosing function header is not shown here).
53 rm -f ./testout_ping.txt
56 # capture exactly 10 packets
# Runs $DUT on $TRAFFIC_CAPTURE_IFACE, expects ./testout.pcap to exist
# afterwards and asks $CAPINFOS for its packet count. Lines missing from this
# listing (remaining $DUT options, the RETURNVALUE assignment, fi/return and
# the closing brace) are not documented here.
57 capture_step_10packets() {
58 if [ "$WS_SYSTEM" != "Windows" ] ; then
# $DUT is expanded unquoted on purpose: the suites store a command plus its
# flags in one string (e.g. "$WIRESHARK -Q -k"). $TRAFFIC_CAPTURE_IFACE and
# the other options are unquoted too, so a value containing whitespace or glob
# characters is split or expanded into extra arguments.
66 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
69 -a duration:$TRAFFIC_CAPTURE_DURATION \
74 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
76 capture_test_output_print ./testout.txt
77 # part of the Prerequisite checks
78 # wrong interface ? output the possible interfaces
80 test_step_failed "exit status of $DUT: $RETURNVALUE"
84 # we should have an output file now
85 if [ ! -f "./testout.pcap" ]; then
# NOTE(review): the helper visible in this listing is named
# capture_test_output_print; unless capture_test_output is defined in a sourced
# file, this call fails with "command not found" and the log is never printed.
86 capture_test_output ./testout.txt
87 test_step_failed "No output file!"
91 # ok, we got a capture file, does it contain exactly 10 packets?
# capinfos output goes to ./testout2.txt, so the capture log in ./testout.txt
# stays available for the failure report below.
92 $CAPINFOS ./testout.pcap > ./testout2.txt
# NOTE(review): this is a substring match, so a count of 100 or 1000 would
# also satisfy it; anchoring the pattern at end of line would make the
# "exactly 10" check strict.
93 grep -i 'Number of packets: 10' ./testout2.txt > /dev/null
98 capture_test_output_print ./testout_ping.txt ./testout.txt ./testout2.txt
99 # part of the Prerequisite checks
100 # probably wrong interface, output the possible interfaces
102 test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
106 # capture exactly 10 packets using "-w -" (piping to stdout)
# Same check as the plain 10-packet step, but the capture is taken from the
# tool's stdout. stdout is redirected to ./testout.pcap and stderr is appended
# to ./testout.txt, which keeps diagnostics out of the binary capture stream.
# The "-w -" option line itself is not shown in this listing.
107 capture_step_10packets_stdout() {
108 if [ "$WS_SYSTEM" != "Windows" ] ; then
# Unquoted expansions: $DUT relies on word splitting; the interface and
# duration values are split/globbed as well if they contain such characters.
116 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
118 -a duration:$TRAFFIC_CAPTURE_DURATION \
121 > ./testout.pcap 2>>./testout.txt
123 date >> ./testout.txt
# NOTE(review): both operands are unquoted; an empty value makes `[` exit with
# an error status, which `if` treats as false, so the failure branch would be
# skipped. The RETURNVALUE assignment is not shown here.
124 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
128 test_step_failed "exit status of $DUT: $RETURNVALUE"
132 # we should have an output file now
# The redirection above creates ./testout.pcap even when the tool writes
# nothing, so this existence test cannot detect an empty capture by itself.
133 if [ ! -f "./testout.pcap" ]; then
134 test_step_failed "No output file!"
138 # ok, we got a capture file, does it contain exactly 10 packets?
139 $CAPINFOS ./testout.pcap > ./testout2.txt 2>&1
# Substring match: counts such as 100 would also pass (see pattern).
140 grep -i 'Number of packets: 10' ./testout2.txt > /dev/null
141 if [ $? -eq 0 ]; then
148 test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
152 # capture packets via a fifo
# Feeds $CAPFILE into a named pipe called "fifo" in the current directory and
# has $DUT read from it with "-i fifo". The line that creates the pipe and the
# remaining $DUT options are not shown in this listing.
# NOTE(review): "fifo" is a fixed name in the working directory; run the suite
# from a directory only the tester can write to, so the pipe cannot be
# pre-created or swapped by another user.
153 capture_step_fifo() {
# Background writer: sends the whole file, pauses one second, then sends it
# again starting at byte 25 (tail -c +25 skips the first 24 bytes, presumably
# the capture file header so that only packet records are replayed; confirm).
# $CAPFILE is unquoted, so a path with whitespace would be split.
# No wait on this background job is visible in the listing.
155 (cat $CAPFILE; sleep 1; tail -c +25 $CAPFILE) > fifo &
156 $DUT -i fifo $TRAFFIC_CAPTURE_PROMISC \
158 -a duration:$TRAFFIC_CAPTURE_DURATION \
162 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
163 test_step_failed "exit status of $DUT: $RETURNVALUE"
167 # we should have an output file now
168 if [ ! -f "./testout.pcap" ]; then
169 test_step_failed "No output file!"
173 # ok, we got a capture file, does it contain exactly 8 packets?
# Expecting 8 presumably means $CAPFILE holds 4 packets that are sent twice;
# verify against the capture file used by the test configuration.
174 $CAPINFOS ./testout.pcap > ./testout.txt
# Substring match: a count such as 80 would also satisfy this pattern.
175 grep -i 'Number of packets: 8' ./testout.txt > /dev/null
176 if [ $? -eq 0 ]; then
181 test_step_failed "No or not enough traffic captured."
185 # capture exactly 2 times 10 packets (multiple files)
# Runs $DUT with its output appended to ./testout.txt and then checks the
# packet count of ./testout.pcap. The option lines that would request multiple
# files are not shown in this listing.
# NOTE(review): the visible check reads only ./testout.pcap and looks for 10
# packets; nothing shown here verifies a second file.
186 capture_step_2multi_10packets() {
187 if [ "$WS_SYSTEM" != "Windows" ] ; then
# Unquoted expansions: $DUT relies on word splitting; interface and duration
# values are split/globbed too if they contain such characters.
195 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
198 -a duration:$TRAFFIC_CAPTURE_DURATION \
200 >> ./testout.txt 2>&1
203 date >> ./testout.txt
204 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
207 # part of the Prerequisite checks
208 # probably wrong interface, output the possible interfaces
210 test_step_failed "exit status of $DUT: $RETURNVALUE"
214 # we should have an output file now
215 if [ ! -f "./testout.pcap" ]; then
216 test_step_failed "No output file!"
220 # ok, we got a capture file, does it contain exactly 10 packets?
# NOTE(review): this truncates ./testout.txt, which held the $DUT log appended
# above, so that log is gone if the packet-count check fails.
# capture_step_10packets writes the capinfos output to ./testout2.txt instead.
221 $CAPINFOS ./testout.pcap > ./testout.txt
# Substring match: counts such as 100 would also pass.
222 grep -i 'Number of packets: 10' ./testout.txt > /dev/null
223 if [ $? -eq 0 ]; then
228 test_step_failed "Probably the wrong interface (no traffic captured)!"
232 # capture with a very unlikely read filter, packets must be zero afterwards
# Captures with a read filter that is expected to match nothing and then
# requires the resulting file to contain zero packets. Lines missing from this
# listing (further $DUT options, RETURNVALUE assignment, fi/return) are not
# documented here.
233 capture_step_read_filter() {
234 if [ "$WS_SYSTEM" != "Windows" ] ; then
241 # valid, but very unlikely filter
# The filter is single-quoted, so the shell passes it to the tool verbatim.
# NOTE(review): the test assumes no live traffic matches this call id; a
# matching packet on the capture interface would make the step fail.
243 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
245 -a duration:$TRAFFIC_CAPTURE_DURATION \
246 -R 'dcerpc.cn_call_id==123456' \
249 >> ./testout.txt 2>&1
251 date >> ./testout.txt
252 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
255 # part of the Prerequisite checks
256 # wrong interface ? output the possible interfaces
258 test_step_failed "exit status: $RETURNVALUE"
262 # we should have an output file now
263 if [ ! -f "./testout.pcap" ]; then
264 test_step_failed "No output file!"
268 # ok, we got a capture file, does it contain exactly 0 packets?
# NOTE(review): this truncates ./testout.txt, discarding the $DUT log that was
# appended above before the count is checked.
269 $CAPINFOS ./testout.pcap > ./testout.txt
270 grep -i 'Number of packets: 0' ./testout.txt > /dev/null
271 if [ $? -eq 0 ]; then
276 test_step_failed "Capture file should contain zero packets!"
281 # capture with a snapshot length
# Captures with a snapshot length, then uses $TSHARK to copy every packet whose
# captured length exceeds 68 bytes into ./testout2.pcap and requires that file
# to be empty. The option line that sets the snapshot length is not shown in
# this listing.
282 capture_step_snapshot() {
283 if [ "$WS_SYSTEM" != "Windows" ] ; then
290 # capture with a snapshot length of 68 bytes for $TRAFFIC_CAPTURE_DURATION seconds
291 # this should result in no packets
# i.e. no packets longer than 68 captured bytes, which is what the tshark
# filter further down tests for.
293 $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
296 -a duration:$TRAFFIC_CAPTURE_DURATION \
298 >> ./testout.txt 2>&1
300 date >> ./testout.txt
301 if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
304 # part of the Prerequisite checks
305 # wrong interface ? output the possible interfaces
307 test_step_failed "exit status: $RETURNVALUE"
311 # we should have an output file now
312 if [ ! -f "./testout.pcap" ]; then
313 test_step_failed "No output file!"
317 # use tshark to filter out all packets, which are larger than 68 bytes
# NOTE(review): no check of $TSHARK's exit status is visible here, and its
# output in ./testout.txt is overwritten by the capinfos call below, so a
# tshark failure is only seen indirectly through the packet-count check.
318 $TSHARK -r ./testout.pcap -w ./testout2.pcap -R 'frame.cap_len>68' > ./testout.txt 2>&1
320 # ok, we got a capture file, does it contain exactly 0 packets?
321 $CAPINFOS ./testout2.pcap > ./testout.txt
322 grep -i 'Number of packets: 0' ./testout.txt > /dev/null
323 if [ $? -eq 0 ]; then
328 test_step_failed "Capture file should contain zero packets!"
# Registers the capture steps that are run with Wireshark as the tool under
# test. The closing brace is not shown in this listing.
333 wireshark_capture_suite() {
334 # Q: quit after cap, k: start capture immediately
# DUT holds the command and its flags in a single string; the steps expand it
# unquoted and rely on word splitting, so a $WIRESHARK path containing
# whitespace would be split into separate words.
335 DUT="$WIRESHARK -Q -k"
336 test_step_add "Capture 10 packets" capture_step_10packets
337 # piping to stdout doesn't work with Wireshark and capturing!
338 #test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
339 # read filter doesn't work with Wireshark and capturing!
340 #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
341 test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
# Registers the capture steps for the TShark suite. The DUT assignment and the
# closing fi/brace are not shown in this listing.
344 tshark_capture_suite() {
346 test_step_add "Capture 10 packets" capture_step_10packets
347 test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
# NOTE(review): unquoted one-argument test; it is true for any non-empty
# single word, including "0" or "false", and errors out if the value splits
# into several words. Only leaving TEST_FIFO empty or unset disables the step.
348 if [ $TEST_FIFO ]; then
349 test_step_add "Capture via fifo" capture_step_fifo
351 test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
352 test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
# Registers the capture steps for the Dumpcap suite. The DUT assignment and the
# closing fi/brace are not shown in this listing.
355 dumpcap_capture_suite() {
358 test_step_add "Capture 10 packets" capture_step_10packets
359 test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
# NOTE(review): unquoted one-argument test; true for any non-empty single
# word (including "0"), so only an empty or unset TEST_FIFO disables the step.
360 if [ $TEST_FIFO ]; then
361 test_step_add "Capture via fifo" capture_step_fifo
363 # read (display) filters intentionally don't work with dumpcap!
364 #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
365 test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
# Cleanup hook registered below as both the pre- and post-step action.
# Only one of its removal lines is visible in this listing.
368 capture_cleanup_step() {
# -f keeps the cleanup quiet when the file does not exist. This removes the
# filtered capture written by the snapshot step.
373 rm -f ./testout2.pcap
# Suite registration: the same cleanup function runs before and after each
# step, so stale output files from an earlier step are removed first.
377 test_step_set_pre capture_cleanup_step
378 test_step_set_post capture_cleanup_step
# The remark names the interface the steps capture on; live capture normally
# needs capture privileges on that interface (assumption, not shown here).
379 test_remark_add "Capture - need some traffic on interface: \"$TRAFFIC_CAPTURE_IFACE\""
380 test_suite_add "TShark capture" tshark_capture_suite
# The Wireshark (GUI) suite is defined above but left unregistered here.
381 ## test_suite_add "Wireshark capture" wireshark_capture_suite
382 test_suite_add "Dumpcap capture" dumpcap_capture_suite